Prismata: Confining Cross-Site Prompt Injection in Web Agents
- View PDF HTML (experimental) Abstract:Autonomous web agents promise to automate everyday browsing tasks, but inherit one of the web's oldest attack surfaces.
- Cross-Site Scripting proved that mixing trusted and untrusted content is dangerous, even on benign pages.
- Agents resurface this risk by interpreting natural language as instructions, allowing third-party and user-generated content to hijack the agent via prompt injection.
Unverified
- View PDF HTML (experimental) Abstract:Autonomous web agents promise to automate everyday browsing tasks, but inherit one of the web's oldest attack surfaces.
- Cross-Site Scripting proved that mixing trusted and untrusted content is dangerous, even on benign pages.
- Agents resurface this risk by interpreting natural language as instructions, allowing third-party and user-generated content to hijack the agent via prompt injection.
Sources: Arxiv